
Efficient integration of fine-grained access control and resource brokering in grid

The Journal of Supercomputing

Abstract

In this paper, we present a novel resource brokering service for grid systems which considers the authorization policies of the grid nodes when selecting the resources to be assigned to a request. We argue that such an integration is needed to avoid scheduling requests onto resources whose policies do not authorize their execution. Our service, implemented in Globus as part of the Monitoring and Discovery Service (MDS), is based on the concept of fine-grained access control (FGAC), which enables participating grid nodes to specify fine-grained policies concerning the conditions under which grid clients can access their resources. Since evaluating authorization policies, in addition to checking the resource requirements, can be a potential bottleneck for a large-scale grid, we also analyze the problem of the efficient evaluation of FGAC policies. In this context, we present GroupByRule, a novel method for policy organization, and compare its performance with other strategies.

Author information

Correspondence to B. Crispo.

Additional information

This work was done during the author’s stay in Vrije Universiteit Amsterdam.

About this article

Cite this article

Mazzoleni, P., Crispo, B., Sivasubramanian, S. et al. Efficient integration of fine-grained access control and resource brokering in grid. J Supercomput 49, 108–126 (2009). https://doi.org/10.1007/s11227-008-0248-3

  • DOI: https://doi.org/10.1007/s11227-008-0248-3
